﻿<?php
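// Request bootstrap: starts the session, loads the DB settings and copies the
// grid/search parameters out of the request into plain variables.
//
// NOTE(review): this file begins with a UTF-8 byte-order mark in front of the
// opening PHP tag. Unless output buffering is enabled, those bytes are sent as
// output before session_start() can emit its headers; save the file without a BOM.
session_start();
// ini directive names are case-sensitive, so the directive is spelled in lower case.
ini_set('max_execution_time', 600);
include("dbconfig.php");

// NOTE(review): nothing in this script checks that $_SESSION['userid'] is set
// before data is returned or changed; confirm that dbconfig.php or the web
// server enforces authentication.
//
// Everything read from $_REQUEST/$_GET below is untrusted client input and is
// stored unmodified. Code that places these values in SQL must escape or
// validate them at the point of use.

// $examp and $ip are read here but not referenced again in this script.
$examp = isset($_REQUEST['q'])  ? $_REQUEST['q']  : null;
$ip    = isset($_REQUEST['ip']) ? $_REQUEST['ip'] : null;

// Paging and sorting parameters sent by the grid.
$page  = isset($_REQUEST['page']) ? $_REQUEST['page'] : null;
$limit = isset($_REQUEST['rows']) ? $_REQUEST['rows'] : null;
$sidx  = isset($_REQUEST['sidx']) ? $_REQUEST['sidx'] : null;
$sord  = isset($_REQUEST['sord']) ? $_REQUEST['sord'] : null;

$userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
$sign   = isset($_SESSION['sign'])   ? $_SESSION['sign']   : null;

// Without a sort column, sort by the first selected column.
if(!$sidx) $sidx =1;

// Parameters sent on search and on initial load.
// 'style' selects which branch of the script runs; it defaults to 0.
$style = isset($_GET['style']) ? $_GET['style'] : 0;

// Free-text filters; an absent parameter becomes the empty string.
$sip_mask  = isset($_GET['sip_mask'])  ? $_GET['sip_mask']  : '';
$dip_mask  = isset($_GET['dip_mask'])  ? $_GET['dip_mask']  : '';
$send_mask = isset($_GET['send_mask']) ? $_GET['send_mask'] : '';
$url_mask  = isset($_GET['url_mask'])  ? $_GET['url_mask']  : '';
$risk_mask = isset($_GET['risk_mask']) ? $_GET['risk_mask'] : '';
$from_mask = isset($_GET['from_mask']) ? $_GET['from_mask'] : '';
$to_mask   = isset($_GET['to_mask'])   ? $_GET['to_mask']   : '';

// type_mask / deal_mask: the individual codes are taken from offsets 0, 2, 4
// (and 6 for deal_mask) of the parameter.
// NOTE(review): presumably a comma-separated list of one-character codes such
// as "0,1,2" — confirm against the client.
// The codes are always defined, including when the parameter is missing or is
// the literal string 'null', so later comparisons never read an undefined variable.
$type_mask  = '';
$type_mask0 = '';
$type_mask1 = '';
$type_mask2 = '';
if (isset($_GET['type_mask']) && $_GET['type_mask'] !== 'null') {
    $type_mask  = $_GET['type_mask'];
    $type_mask0 = isset($type_mask[0]) ? $type_mask[0] : '';
    $type_mask1 = isset($type_mask[2]) ? $type_mask[2] : '';
    $type_mask2 = isset($type_mask[4]) ? $type_mask[4] : '';
}

$deal_mask  = '';
$deal_mask0 = '';
$deal_mask1 = '';
$deal_mask2 = '';
$deal_mask3 = '';
if (isset($_GET['deal_mask']) && $_GET['deal_mask'] !== 'null') {
    $deal_mask  = $_GET['deal_mask'];
    $deal_mask0 = isset($deal_mask[0]) ? $deal_mask[0] : '';
    $deal_mask1 = isset($deal_mask[2]) ? $deal_mask[2] : '';
    $deal_mask2 = isset($deal_mask[4]) ? $deal_mask[4] : '';
    $deal_mask3 = isset($deal_mask[6]) ? $deal_mask[6] : '';
}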
	
// Parameters passed back after clicking the IP list


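if($style==0){
    // Search view: returns one page of res_url rows matching the filters as
    // JSON with page / total / records / rows.
    //
    // All filter, sort and paging values are untrusted request input. String
    // values are escaped before they reach SQL, the sort column and direction
    // are validated, and page/limit are cast to integers.

    // Connect first: mysql_real_escape_string() needs an open link.
    // NOTE(review): mysql_error() text is echoed to the client in this branch;
    // prefer logging it server-side and returning a generic message.
    $db = mysql_pconnect($dbhost, $dbuser, $dbpassword)
        or die("Connection Error: " . mysql_error());
    mysql_select_db($database) or die("Error conecting to db.");

    // NOTE(review): escaping is only reliable when the link's character set is
    // declared with mysql_set_charset(); this branch uses the connection
    // default — confirm it is not a multibyte set such as GBK.

    // isset() so that a missing code is treated as "no filter".
    $type_codes = array(
        isset($type_mask0) ? $type_mask0 : '',
        isset($type_mask1) ? $type_mask1 : '',
        isset($type_mask2) ? $type_mask2 : '',
    );
    $deal_codes = array(
        isset($deal_mask0) ? $deal_mask0 : '',
        isset($deal_mask1) ? $deal_mask1 : '',
        isset($deal_mask2) ? $deal_mask2 : '',
        isset($deal_mask3) ? $deal_mask3 : '',
    );

    $where = " WHERE 1=1 ";
    // NOTE(review): the trailing % is kept as written; in a >= / <= comparison
    // it is an ordinary character, not a wildcard — confirm the intent.
    if ($from_mask != '')
        $where .= " AND date >='" . mysql_real_escape_string((string)$from_mask, $db) . "%'";
    if ($to_mask != '')
        $where .= " AND date <='" . mysql_real_escape_string((string)$to_mask, $db) . "%'";

    // Type group: the first code is joined with AND, the others with OR.
    $where .= " AND ( 1=1";
    foreach ($type_codes as $pos => $code) {
        if ($code != '')
            $where .= ($pos == 0 ? " AND" : " OR") . " type = '" . mysql_real_escape_string((string)$code, $db) . "'";
    }
    $where .= ")";

    // Deal group: same shape as the type group.
    $where .= " AND ( 1=1";
    foreach ($deal_codes as $pos => $code) {
        if ($code != '')
            $where .= ($pos == 0 ? " AND" : " OR") . " deal = '" . mysql_real_escape_string((string)$code, $db) . "'";
    }
    $where .= ")";

    // Substring filters. % and _ typed by the user still act as LIKE wildcards.
    if ($sip_mask != '')
        $where .= " AND sip like '%" . mysql_real_escape_string((string)$sip_mask, $db) . "%'";
    if ($dip_mask != '')
        $where .= " AND dip like '%" . mysql_real_escape_string((string)$dip_mask, $db) . "%'";
    if ($url_mask != '')
        $where .= " AND url like '%" . mysql_real_escape_string((string)$url_mask, $db) . "%'";
    if ($risk_mask != '')
        $where .= " AND riskvalue >= '" . mysql_real_escape_string((string)$risk_mask, $db) . "'";

    // First query: total number of matching rows, for the pager.
    $SQL = "select * from res_url " . $where;
    $result = mysql_query($SQL);
    if (!$result) echo "SQL错误：".mysql_error();
    $count = $result ? mysql_num_rows($result) : 0;

    // Paging values go into LIMIT, so they must be plain integers.
    $page  = (int)$page;
    $limit = (int)$limit;
    if ($limit < 0) $limit = 0;
    // Guard against division by zero when no page size was supplied.
    $total_pages = ($count > 0 && $limit > 0) ? (int)ceil($count / $limit) : 0;
    if ($page > $total_pages) $page = $total_pages;
    $start = $limit * $page - $limit;
    if ($start < 0) $start = 0;

    // ORDER BY cannot be escaped like a string literal: accept a single
    // column name or position, and only ASC/DESC as direction.
    $order_col = ((is_string($sidx) || is_int($sidx)) && preg_match('/^[A-Za-z0-9_]+\z/', (string)$sidx)) ? $sidx : 1;
    $order_dir = (is_string($sord) && strtoupper($sord) === 'DESC') ? 'DESC' : 'ASC';

    $SQL = "select * from res_url " . $where . " ORDER BY $order_col $order_dir LIMIT $start , $limit";
    $result = mysql_query($SQL) or die("Couldnt execute query.".mysql_error());

    $responce = new stdClass();
    $responce->page = $page;
    $responce->total = $total_pages;
    $responce->records = $count;
    $i = 0;

    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        // NOTE(review): the row id is read from key 'ID' here but from 'id' in
        // the cell below; array keys are case-sensitive, so one of the two is
        // probably never set — confirm against the table definition.
        $responce->rows[$i]['ID'] = isset($row['ID']) ? $row['ID'] : null;

        // Replace the numeric codes with their display labels.
        switch ($row['type']) {
            case 0: $row['type'] = "正常"; break;
            case 1: $row['type'] = "可疑"; break;
            case 2: $row['type'] = "非法"; break;
        }
        switch ($row['deal']) {
            case 0: $row['deal'] = "阻断"; break;
            case 1: $row['deal'] = "隔离"; break;
            case 2: $row['deal'] = "重定向"; break;
            case 3: $row['deal'] = "欺骗"; break;
        }
        switch ($row['alarm']) {
            case "00": $row['alarm'] = "没告警"; break;
            case "01": $row['alarm'] = "邮件"; break;
            case "10": $row['alarm'] = "短信"; break;
            case "11": $row['alarm'] = "邮件+短信"; break;
        }

        $responce->rows[$i]['cell'] = array(
            $row['id'], "null", $row['date'], $row['time'], $row['url'],
            $row['type'], $row['deal'], $row['riskvalue'], $row['alarm'],
            $row['sip'], $row['dip'], $row['sport'], $row['dport'],
            "null", $row['fileid']
        );
        $i++;
    }

    echo json_encode($responce);
    mysql_close($db);
}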

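else if($style==1)
{
    // Summary view: res_url rows grouped by date and type with a per-group
    // count, returned one page at a time as JSON.
    //
    // Filter, sort and paging values are untrusted request input: strings are
    // escaped, the sort column/direction are validated, page/limit are cast.

    // Connect first: mysql_real_escape_string() needs an open link.
    // NOTE(review): mysql_error() text is echoed to the client in this branch;
    // prefer logging it server-side and returning a generic message.
    $db = mysql_pconnect($dbhost, $dbuser, $dbpassword)
        or die("Connection Error: " . mysql_error());
    mysql_select_db($database) or die("Error conecting to db.");

    // NOTE(review): escaping is only reliable when the link's character set is
    // declared with mysql_set_charset(); this branch uses the connection
    // default — confirm it is not a multibyte set such as GBK.

    $where = " WHERE 1=1 ";
    // NOTE(review): the trailing % is kept as written; in a >= / <= comparison
    // it is an ordinary character, not a wildcard — confirm the intent.
    if ($from_mask != '')
        $where .= " AND date >='" . mysql_real_escape_string((string)$from_mask, $db) . "%'";
    if ($to_mask != '')
        $where .= " AND date <='" . mysql_real_escape_string((string)$to_mask, $db) . "%'";
    // % and _ in the value still act as LIKE wildcards.
    if ($url_mask != '')
        $where .= " AND url like '" . mysql_real_escape_string((string)$url_mask, $db) . "'";

    // First query: number of groups, for the pager. The explicit space keeps
    // "group by" from running into the last condition.
    $SQL = "select * from res_url " . $where . " group by date,type";
    $result = mysql_query($SQL);
    if (!$result) echo "SQL错误：".mysql_error();
    $count = $result ? mysql_num_rows($result) : 0;

    // Paging values go into LIMIT, so they must be plain integers.
    $page  = (int)$page;
    $limit = (int)$limit;
    if ($limit < 0) $limit = 0;
    // Guard against division by zero when no page size was supplied.
    $total_pages = ($count > 0 && $limit > 0) ? (int)ceil($count / $limit) : 0;
    if ($page > $total_pages) $page = $total_pages;
    $start = $limit * $page - $limit;
    if ($start < 0) $start = 0;

    // ORDER BY cannot be escaped like a string literal: accept a single
    // column name or position, and only ASC/DESC as direction.
    $order_col = ((is_string($sidx) || is_int($sidx)) && preg_match('/^[A-Za-z0-9_]+\z/', (string)$sidx)) ? $sidx : 1;
    $order_dir = (is_string($sord) && strtoupper($sord) === 'DESC') ? 'DESC' : 'ASC';

    $SQL = "select id,time,date,sip,dip,sport,dport,url,type,count(*) as num from res_url "
         . $where . " group by date, type ORDER BY $order_col $order_dir LIMIT $start , $limit";
    $result = mysql_query($SQL) or die("Couldnt execute query1.".mysql_error());

    $responce = new stdClass();
    $responce->page = $page;
    $responce->total = $total_pages;
    $responce->records = $count;
    $i = 0;

    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        // NOTE(review): the query selects 'id', not 'ID'; array keys are
        // case-sensitive, so this entry is probably always null — confirm
        // what the client expects here.
        $responce->rows[$i]['ID'] = isset($row['ID']) ? $row['ID'] : null;

        // Only 'type' is translated: the query does not select deal or alarm
        // and the cell below does not use them.
        switch ($row['type']) {
            case 0: $row['type'] = "正常"; break;
            case 1: $row['type'] = "可疑"; break;
            case 2: $row['type'] = "非法"; break;
        }

        $responce->rows[$i]['cell'] = array(
            $row['id'], $row['url'], $row['dport'], $row['sip'],
            $row['date'], $row['num'], $row['type']
        );
        $i++;
    }

    echo json_encode($responce);
    mysql_close($db);
}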
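else if($style==2)
{
    // Chart data per time of day: counts res_url rows grouped by the time
    // column and prints a JSON list of [epoch_milliseconds, count] pairs.

    // Connect before building the WHERE clause: mysql_real_escape_string()
    // needs an open link.
    $link = mysql_connect($dbhost,$dbuser,$dbpassword) or die('Unable to establish a DB connection');
    mysql_select_db($database,$link);
    // mysql_set_charset() selects UTF-8 like "SET names" does, and also tells
    // the client library which character set to escape for.
    mysql_set_charset('utf8', $link);
    // Beijing time according to the original comment; $timezone is not
    // defined in this file.
    date_default_timezone_set($timezone);

    // Both filters are untrusted request input and are escaped before use.
    // % and _ in the values still act as LIKE wildcards.
    // A filter on type ($type_mask) is currently disabled for this view.
    $where = " WHERE 1=1 ";
    if ($from_mask != '')
        $where .= " AND date like '" . mysql_real_escape_string((string)$from_mask, $link) . "'";
    if ($url_mask != '')
        $where .= " AND url like '" . mysql_real_escape_string((string)$url_mask, $link) . "'";

    $ret = array();
    $SQL = "select id,count(*) as num,dip,sip,time,date from res_url " . $where . " group by time";

    // NOTE(review): mysql_error() text is echoed to the client; prefer logging
    // it server-side and returning a generic message.
    $result = mysql_query($SQL);
    if (!$result) echo "SQL错误：".mysql_error();

    if ($result) {
        while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
            // x: the row's date and time as a millisecond timestamp; y: the count.
            $stamp = strtotime($row['date'] . " " . $row['time']) * 1000;
            $ret[] = array($stamp, intval($row['num']));
        }
    }

    echo json_encode($ret);
}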
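else if($style==3)
{
    // Chart data per day: counts res_url rows grouped by date and prints a
    // JSON list of [epoch_milliseconds, count] pairs.

    // Connect before building the WHERE clause: mysql_real_escape_string()
    // needs an open link.
    $link = mysql_connect($dbhost,$dbuser,$dbpassword) or die('Unable to establish a DB connection');
    mysql_select_db($database,$link);
    // mysql_set_charset() selects UTF-8 like "SET names" does, and also tells
    // the client library which character set to escape for.
    mysql_set_charset('utf8', $link);
    // Beijing time according to the original comment; $timezone is not
    // defined in this file.
    date_default_timezone_set($timezone);

    // The filter is untrusted request input and is escaped before use.
    // % and _ in the value still act as LIKE wildcards.
    // A filter on type ($type_mask) is currently disabled for this view.
    $where = " WHERE 1=1 ";
    if ($url_mask != '')
        $where .= " AND url like '" . mysql_real_escape_string((string)$url_mask, $link) . "'";

    $ret = array();
    $SQL = "select id,count(*) as num,dip,sip,date from res_url " . $where . " group by date";

    // NOTE(review): mysql_error() text is echoed to the client; prefer logging
    // it server-side and returning a generic message.
    $result = mysql_query($SQL);
    if (!$result) echo "SQL错误：".mysql_error();

    if ($result) {
        while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
            // x: the row's date as a millisecond timestamp; y: the count.
            $stamp = strtotime($row['date']) * 1000;
            $ret[] = array($stamp, intval($row['num']));
        }
    }

    echo json_encode($ret);
}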
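else if($style==4){
    // Whitelist action: flags the res_url rows with the given URL as
    // whitelisted (iswhite=1, type=0) and records the URL in white_url for the
    // session's user unless a matching entry already exists.
    //
    // NOTE(review): this branch changes data based on a GET parameter, and no
    // login check or anti-CSRF token is visible in this file; confirm both are
    // enforced before the request reaches this point.
    // NOTE(review): mysql_error() text is echoed to the client in this branch;
    // prefer logging it server-side and returning a generic message.
    $db = mysql_pconnect($dbhost, $dbuser, $dbpassword)
        or die("Connection Error: " . mysql_error());
    mysql_select_db($database) or die("Error conecting to db.");

    // NOTE(review): escaping is only reliable when the link's character set is
    // declared with mysql_set_charset(); this branch uses the connection
    // default — confirm it is not a multibyte set such as GBK.
    // The URL is request input; userid/sign come from the session and are
    // escaped as well because they are placed inside string literals.
    $q_url    = mysql_real_escape_string((string)$url_mask, $db);
    $q_userid = mysql_real_escape_string((string)$userid, $db);
    $q_sign   = mysql_real_escape_string((string)$sign, $db);

    $SQL = "update res_url set iswhite=1,type=0 where url='$q_url' ";
    $result = mysql_query($SQL);
    if (!$result) echo "SQL错误：".mysql_error();

    // The existence check uses LIKE, so % and _ in the URL act as wildcards.
    $SQL = "select * from white_url where url like '$q_url' ";
    $result = mysql_query($SQL);
    if (!$result) echo "SQL错误：".mysql_error();
    $count = $result ? mysql_num_rows($result) : 0;

    if ($count == 0)
    {
        $SQL = "Insert into white_url (userid,sign,url) values ('$q_userid','$q_sign','$q_url') ";
        $result = mysql_query($SQL);
        if (!$result) echo "SQL错误：".mysql_error();
    }
    else {
        echo "已经存在";
    }
}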
      

?>
